예제 #1
파일: login.py 프로젝트: gut-space/svarog
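def login():
    """Render the login page and process submitted credentials.

    Flow, as implemented below:
      * An already authenticated user gets the login template populated with
        the stations they own.
      * A valid form submission is checked in three steps: the user record
        must exist, the password must verify, and the role must not be
        ``UserRole.BANNED``. Each failure flashes a message and redirects
        back to the login view.
      * On success the session is established with ``login_user`` and the
        client is redirected to ``next`` (relative targets only) or to the
        index view.

    Security: credentials are never written to the application log. Only the
    submitted username and the outcome are recorded.
    """
    repository = Repository()

    if current_user.is_authenticated:
        stations = repository.owned_stations(current_user.get_id())

        # Human-readable "name(id)" summary of the owned stations for the log.
        station_summary = " ".join(
            f"{s['name']}({s['station_id']})" for s in stations)
        app.logger.info("Authenticated user %s, owner of %s",
                        current_user.username, station_summary)

        return render_template("login.html",
                               user=current_user,
                               stations=stations)

    form = LoginForm()

    if form.validate_on_submit():
        username = form.username.data

        # The submitted password is deliberately NOT logged: log files are
        # typically readable by more people and systems than the credential
        # store, and are retained and shipped elsewhere.
        # NOTE(review): username is attacker-controlled text; confirm the log
        # formatter/sink neutralises newlines and control characters.
        app.logger.info("Login requested for user %s, remember_me=%s",
                        username, form.remember.data)

        user = repository.read_user(user=username)

        # NOTE(review): the distinct "Invalid username." / "Invalid password."
        # messages below reveal whether an account exists. A single generic
        # failure message would avoid that; left unchanged here because the
        # text is user-visible behaviour.
        if user is None:
            app.logger.info("Login failed: invalid username: %s", username)
            flash("Invalid username.")
            return redirect(url_for("login"))

        u = ApplicationUser(user)
        if not u.check_password(form.password.data):
            # Record the failure and the account only, never the attempted
            # password (it is often a near-miss of the real one).
            app.logger.info("Login failed: invalid password for user %s",
                            username)
            flash("Invalid password.")
            return redirect(url_for("login"))

        if u.role == UserRole.BANNED:
            app.logger.info(
                "Login failed: attempt to login into disabled account %s",
                username)
            flash("Account disabled.")
            return redirect(url_for("login"))

        app.logger.info("Login successful for user %s", username)
        login_user(u, remember=form.remember.data)

        # Post-login redirect: a target carrying a network location is
        # replaced with the index view so "next" cannot point off-site.
        # NOTE(review): the netloc test is a minimal open-redirect guard;
        # consider also rejecting targets that carry a scheme or that are not
        # a plain site-relative path.
        next_page = request.args.get("next")
        if not next_page or url_parse(next_page).netloc != "":
            next_page = url_for("index")
        return redirect(next_page)

    return render_template("login.html", form=form)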
예제 #2
    def test_user(self, repository: Repository):
        """Verify that read_user() resolves users by username or numeric id.

        Covers unknown keys (expected to yield None), the same account fetched
        by name and by id (expected to yield equal records), and one account
        per remaining UserRole value.

        NOTE: several lookup keys and the e-mail address appear masked
        ("******") in this listing; they are reproduced as shown.
        """
        # Stored credential of the fixture account. The string encodes the
        # scheme itself: PBKDF2 with SHA-256, 150000 iterations, a salt and
        # the derived key. It is a salted, iterated hash, not a bare SHA-256.
        # Per the original comment it corresponds to the password 'password'.
        expected_digest = 'pbkdf2:sha256:150000$Ij6XJyek$d6a0cd085e6955843a9c3224ccf24088852207d55bb056aa0b544168f94860b8'

        # Unknown username and unknown id must both come back as None.
        for missing_key in ("******", 6):
            self.assertIsNone(repository.read_user(user=missing_key))

        # The same admin account, looked up first by name and then by id.
        fetched = []
        for lookup_key in ("******", 3):
            record = repository.read_user(user=lookup_key)
            self.assertEqual(record['username'], 'clarke')
            self.assertEqual(record['digest'], expected_digest)
            self.assertEqual(record['email'], '*****@*****.**')
            self.assertEqual(record['role'], UserRole.ADMIN)
            fetched.append(record)

        by_name, by_id = fetched
        self.assertEqual(by_name, by_id)

        # The role column is an enum, so each remaining value is checked to
        # confirm it maps back to the right UserRole member.
        role_cases = (
            ('******', UserRole.REGULAR),
            ('******', UserRole.OWNER),
            ('******', UserRole.BANNED),
        )
        for lookup_key, expected_role in role_cases:
            record = repository.read_user(user=lookup_key)
            self.assertEqual(record['role'], expected_role)
예제 #3
파일: login.py 프로젝트: gut-space/svarog
def load_user(user_id):
    """Return the ApplicationUser for *user_id*, or None if no record exists.

    The id is passed straight to ``Repository.read_user``; a falsy result
    (no matching user) is reported as None rather than raising.
    NOTE(review): presumably registered as the session user loader; the
    decorator is not visible in this excerpt, so confirm against the full file.
    """
    record = Repository().read_user(user=user_id)
    return ApplicationUser(record) if record else None